JWT client authentication fails using Kubernetes service account tokens

I’m trying to use Kubernetes-generated (bound) service account tokens to authenticate my OAuth2 client against Keycloak.

However, Keycloak requires the token to have a jti, while the tokens generated by Kubernetes don’t have that.

Now, one can argue that it’s more secure to require a jti, but on the other hand it breaks some integrations (jti is optional in the JWT spec).

Any chance of (conditionally) dropping this jti requirement?
The alternatives I have are creating my own custom token authenticator (which I want to prevent) or getting a fix in KS.

More info in https://github.com/keycloak/keycloak-community/issues/180
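
Added example (not part of the original post, and not Keycloak or Kubernetes code): a small diagnostic that decodes a token's payload and reports which claims a JWT client assertion would be missing, separating the claims RFC 7523 requires from the extra `jti` the post says Keycloak insists on. The sample token, its issuer, audience and service account names are constructed for illustration, and the signature is not verified.

```python
import base64
import json
import time

# RFC 7523 section 3: claims a JWT used for client authentication must carry.
REQUIRED_BY_RFC7523 = ("iss", "sub", "aud", "exp")
# Claim the post reports the server as requiring; optional in RFC 7519/7523.
REQUIRED_BY_SERVER = ("jti",)

# Constructed sample claims shaped like a bound service account token (no jti).
SAMPLE_CLAIMS = {
    "iss": "https://kubernetes.default.svc",
    "sub": "system:serviceaccount:demo:my-client",
    "aud": ["https://keycloak.example/realms/demo"],
    "iat": 1700000000, "nbf": 1700000000, "exp": 1700003600,
    "kubernetes.io": {"namespace": "demo",
                      "serviceaccount": {"name": "my-client"}},
}

def make_sample_token(claims):
    """Build an unsigned, constructed compact JWS so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

def decode_claims(token):
    """Return the JWT payload as a dict. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def check_client_assertion(token, now=None):
    """Report which claims are missing and whether the token has expired."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    return {
        "missing_rfc7523": [c for c in REQUIRED_BY_RFC7523 if c not in claims],
        "missing_server": [c for c in REQUIRED_BY_SERVER if c not in claims],
        "expired": "exp" in claims and claims["exp"] <= now,
    }

if __name__ == "__main__":
    print(check_client_assertion(make_sample_token(SAMPLE_CLAIMS), now=1700000100))
```

To inspect a real token, pass the contents of the projected token file to `check_client_assertion` instead of the constructed sample.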